US Faces Balancing Act as AI Adoption Outpaces Regulation
Organisations are deploying artificial intelligence faster than regulators can establish rules. Eighty-eight percent of companies now use AI in at least one business function, with 71% regularly deploying generative AI, according to McKinsey's 2025 State of AI report. Yet only 31% of AI initiatives have reached full production, and gains remain concentrated among leading organisations.
This speed-versus-oversight tension defines the current moment for executives. The question is no longer whether regulation arrives, but whether fragmented US rules will accelerate or constrain progress.
The Fragmentation Problem
The US lacks a single AI regulatory framework. Instead, companies navigate federal agency guidance, state-level laws, and pressure from international standards like the EU AI Act.
This fragmentation creates real friction at scale. George Tziahanas, VP of Compliance and Associate General Counsel at Archive360, says the complexity is often overstated-many state rules share common principles. But Peri Kadaster, Chief Communications Officer at Nearform, disagrees: companies hesitate to scale AI deployment due to uncertainty about future regulatory direction.
The distinction matters. Experimentation continues. Enterprise-wide rollouts slow.
Large organisations often adopt a "highest common denominator" approach, designing systems to meet the strictest anticipated standards. This defensive posture can act as a brake on momentum.
Enterprises Are Building Governance In-House
Rather than waiting for regulatory clarity, organisations are embedding governance into AI strategy from the start.
Tziahanas sees companies extending existing compliance frameworks rather than inventing new ones. They reference standards like NIST's AI Risk Management Framework and ISO 42001. This shift from reactive compliance to proactive governance treats regulation as a design problem, not an external constraint.
Financial services firms lead this evolution. Nicholas Goble, Director of Solution Architecture at Domino Data Lab, says they leverage established model risk frameworks instead of waiting for AI-specific rules. The challenge: traditional governance was designed for dozens of models. Today's enterprises manage hundreds or thousands, many of which change dynamically.
Manual oversight no longer works. Automation, version control, and continuous monitoring are now essential.
Leading organisations go further by treating compliance as a design principle. Kadaster describes companies building modular systems that adapt to different regulatory environments-turning compliance into a product capability rather than a legal afterthought.
Europe's Influence Reaches US Firms
Even without unified domestic rules, US companies operate under global pressure. The EU AI Act applies to any organisation with European exposure, regardless of US requirements.
Tziahanas highlights the Act's extraterritorial reach: penalties apply to global revenues. This creates a de facto global baseline. When US standards remain unclear, many organisations default to European requirements instead.
Goble notes the paradox: fragmentation at home, convergence abroad. US firms navigate inconsistent domestic rules while aligning with stricter international frameworks.
Regulatory ambiguity-not strictness-may push innovation offshore. Kadaster observes that organisations increasingly seek jurisdictions with clearer expectations, even if compliance requirements are higher.
What Executives Should Do Now
Waiting for regulatory certainty is not viable. Tziahanas is direct: "If a company is waiting for regulatory clarity to adopt AI, they have already lost."
Governance, data quality, and risk management must be foundational capabilities, not afterthoughts. Success depends on preparing for regulation, not predicting it.
Experts agree that a comprehensive federal framework is unlikely soon. Regulators will adapt existing authorities incrementally rather than introduce sweeping legislation. But greater clarity is essential.
Kadaster frames clarity as competitive advantage: "Speed requires confidence, and confidence requires transparency about the guardrails." Well-defined boundaries can accelerate innovation.
Flexibility matters equally. Overly prescriptive rules risk obsolescence in a rapidly evolving field. Tziahanas warns that regulatory schemes must focus on outcomes-accuracy, bias, security-rather than technical prescriptions.
The Real Competition
The AI regulation race is not innovation versus oversight. It is speed versus stability, risk versus reward.
The US retains advantage through its dynamic private sector and technology ecosystem. But without clearer regulatory direction, that advantage becomes harder to sustain as global standards evolve.
Winners will not be those moving fastest without constraints. They will be those building systems that scale responsibly within them. That requires robust governance, adaptable architecture, and transparent AI systems.
For executives, AI strategy now means treating governance as competitive advantage. Those who invest in it early will navigate uncertainty better than those who treat it as a compliance checkbox.
Your membership also unlocks:
